From owner-p4-projects@FreeBSD.ORG Sat Jun 13 10:00:33 2009
Date: Sat, 13 Jun 2009 10:00:32 GMT
Message-Id: <200906131000.n5DA0WAf090301@repoman.freebsd.org>
From: Robert Watson
To: Perforce Change Reviews
Subject: PERFORCE change 164253 for review
List-Id: p4 projects tree changes

http://perforce.freebsd.org/chv.cgi?CH=164253

Change 164253 by rwatson@rwatson_freebsd_capabilities on 2009/06/13 10:00:15

	Demonstrate nested sandboxes in libcapability_exec/sandbox_echo by
	having sandbox_echo launch a second sandbox that will actually
	implement echo, and the first will just proxy between the host and
	the second sandbox.

	Use err() to report sandbox errors on stderr, since we authorize this
	example sandboxed app to write to stderr, and it makes things
	significantly easier to debug.

Affected files ...

.. //depot/projects/trustedbsd/capabilities/src/tools/cap/libcapability_exec/libcapability_exec.c#3 edit
.. //depot/projects/trustedbsd/capabilities/src/tools/cap/sandbox_echo/sandbox_echo.c#3 edit

Differences ...

==== //depot/projects/trustedbsd/capabilities/src/tools/cap/libcapability_exec/libcapability_exec.c#3 (text+ko) ==== @@ -48,7 +48,7 @@ main(int argc, char *argv[]) { struct lc_sandbox *lcsp; - char *sandbox_argv[2] = { argv[1], NULL }; + char *sandbox_argv[3] = { argv[1], "nested", NULL }; struct iovec iov; size_t len; char ch; ==== //depot/projects/trustedbsd/capabilities/src/tools/cap/sandbox_echo/sandbox_echo.c#3 (text+ko) ====
@@ -38,30 +38,81 @@ #include #include +#include #include +#include #include +#include +#include +#define MYNAME "sandbox_echo" + int main(int argc, char *argv[]) { + char *sandbox_argv[3] = { MYNAME, NULL }; + struct lc_sandbox *lcsp; struct lc_host *lchp; u_int32_t opno, seqno; struct iovec iov; u_char *buffer; size_t len; + int fd; if (lcs_get(&lchp) < 0) errx(-1, "libcapability sandbox binary"); - while (1) { - if (lcs_recvrpc(lchp, &opno, &seqno, &buffer, &len) < 0) - return (-2); - if (len != 1) - return (-3); - iov.iov_base = buffer; - iov.iov_len = 1; - if (lcs_sendrpc(lchp, opno, seqno, &iov, 1) < 0) - return (-4); - free(buffer); + if (argc > 1 && strcmp(argv[1], "nested") == 0) { + + fprintf(stderr, "%s\n", getenv("LD_CAPLIBINDEX")); + if (ld_caplibindex_lookup(MYNAME, &fd) < 0) + err(-10, "ld_caplibindex_lookup(%s)", MYNAME); + + if (lch_startfd_flags(fd, MYNAME, sandbox_argv, + LCH_PERMIT_STDERR, &lcsp) < 0) + err(-1, "lch_start %s", argv[1]); + while (1) { + if (lcs_recvrpc(lchp, &opno, &seqno, &buffer, &len) + < 0) { + if (errno != EPIPE) + err(-2, "lcs_recvrpc"); + else + exit(-1); + } + if (len != 1) + errx(-3, "lcs_recvrpc len"); + iov.iov_base = buffer; + iov.iov_len = 1; + if (lch_rpc(lcsp, opno, &iov, 1, &iov, 1, &len) < 0) + err(-4, "lch_rpc"); + if (lcs_sendrpc(lchp, opno, seqno, &iov, 1) < 0) { + if (errno != EPIPE) + err(-5, "lcs_sendrpc"); + else + exit(-5); + } + free(buffer); + } + } else { + while (1) { + if (lcs_recvrpc(lchp, &opno, &seqno, &buffer, &len) + < 0) { + if (errno != EPIPE) + err(-6, "lcs_recvrpc"); + else + exit(-6); + } + if (len != 1) + errx(-7, "lcs_recvrpc len"); + iov.iov_base = buffer; + iov.iov_len = 1; + if (lcs_sendrpc(lchp, opno, seqno, &iov, 1) < 0) { + if (errno != EPIPE) + err(-8, "lcs_sendrpc"); + else + exit(-8); + } + free(buffer); + } } }
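Review bot: in the libcapability_exec.c hunk, the mode selector in `+ char *sandbox_argv[3] = { argv[1], "nested", NULL };` is a bare string literal that sandbox_echo.c matches independently with `strcmp(argv[1], "nested")`, so the two copies can drift without any compiler help; define the token once in a header both files include (or document the argv convention next to the lch_start call) instead of hard-coding it in both places. The same line still dereferences `argv[1]` with no `argc` check, so running the host with no argument yields a sandbox argv whose first element is NULL; an `if (argc < 2) errx(...)` before the declaration would fail with a clear message rather than handing the sandbox an empty argument vector.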
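Review bot: in the sandbox_echo.c hunk, the nested loop never checks the reply length that `lch_rpc(lcsp, opno, &iov, 1, &iov, 1, &len)` returns before `lcs_sendrpc(lchp, opno, seqno, &iov, 1)` forwards `iov` with `iov_len` still set to 1, so a short or oversized reply from the inner sandbox is passed to the host as exactly one byte; mirror the `if (len != 1) errx(...)` check that guards the request on the reply as well. The `fprintf(stderr, "%s\n", getenv("LD_CAPLIBINDEX"))` line is a debug print that hands a possibly NULL pointer to %s and leaks the environment to stderr; drop it or guard it before commit. The failure message in `err(-1, "lch_start %s", argv[1])` names argv[1] (the string "nested") rather than MYNAME, which is what `lch_startfd_flags` was actually asked to start, and the function name in the message is stale. Exit statuses are negative throughout (err(-10), errx(-3), exit(-5) and so on), which the shell sees as 246..255, and the first EPIPE branch exits -1 while the others use their step numbers (-5, -6, -8); pick small positive codes and use them consistently. The two while loops differ only in the lch_rpc call, so a single loop with the lch_rpc call under `if (nested)` would halve the duplicated error handling. Finally, `char *sandbox_argv[3] = { MYNAME, NULL };` has two initializers for a three-element array; `[2]` says what is meant.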